A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 
2a)D This action is FINAL. 2b)(EI This action is non-final. 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

DETAILED ACTION 

Specification 

1. The lengthy specification has not been checked to the extent necessary to determine the 
presence of all possible minor errors. Applicant's cooperation is requested in correcting any 
errors of which applicant may become aware in the specification. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Claims 1, 2, 5 and 6 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Matchefts et al. in view of Hansen. 

4. Regarding claim 1, Matchefts et al. teach a network management system comprising a 
plurality of network devices (figure 1; column 2, lines 65-67) operating in a coordinated manner 
and a management server (figure 1; column 2, lines 65-67) managing the plurality of network 
devices, the management server comprising: 

a. Means for confirming consistency of interrelated setup information set up in 
the plurality of network devices (column 4, lines 18-22). 

Although the system disclosed by Matchefts et al. shows substantial features of the 
claimed invention, it fails to disclose: 

a. Means for generating interrelated setup information to be used for the 
plurality of network devices on which settings are to be made, the setup 
information being generated to maintain consistency. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Matchefts et al., as evidenced by Hansen. 

In an analogous art, Hansen discloses a configuration management system for remote 
monitoring and configuration of network elements with a management server comprising: 

a. Means for generating interrelated setup information to be used for the 
plurality of network devices on which settings are to be made (column 5, lines 
23-27), the setup information being generated to maintain consistency. Note 
that the entire focus of Hansen is to maintain consistency. 

Given the teaching of Hansen, a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Matchefts et al. by employing 
the generation of setup information for network elements. The system of Matchefts et al. 
receives and compares current configuration information to ensure system consistency. It is a 
logical extension of this to then generate configuration information for the client and 
reconfigure it. This removes the need for a system administrator and decreases possible down 
time. 

5. Regarding claim 2, Matchefts et al. and Hansen teach all the limitations as applied to 
claim 1. Matchefts et al. further teach means wherein the management server further comprises: 

a. Means for retrieving meta-level setup information from said interrelated setup 
information (column 6, lines 38-56). Note that all the information that makes 
up the "state variable" is meta-information. 

b. Means for retrieving interrelated setup information set up in said plurality of 
network devices (column 4, lines 19-21). Note that the server communicates 
with the elements to obtain configuration or setup information. 

6. Regarding claim 5, Matchefts et al. and Hansen teach all the limitations as applied to 
claim 1. Matchefts et al. further teach means wherein: 

a. The network device is a server (column 2, lines 65-67) 

Although the system disclosed by Matchefts et al. and Hansen (as applied to claim 1) 
shows substantial features of the claimed invention, it fails to disclose including setup 
information that includes an access privilege of the server. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Matchefts et al. and Hansen. 

A person having ordinary skill in the art would have readily recognized the desirability 
and advantages of modifying Matchefts et al. and Hansen by employing the inclusion of access 
policy for a managed server. Servers are just another network element to be managed, and 
security is probably the most important aspect of server management. This would be a natural 
addition of setup information that would be a necessity for all servers to be confirmed for 
consistency and automatically configured. 

7. Regarding claim 6, Matchefts et al. and Hansen teach all the limitations as applied to 
claim 1. Matchefts et al. further teach means wherein: 

a. The network device is a computer executing a network application 
periodically exchanging data (column 4, lines 24-26). Note that in the 
reference, the "traps" are generated by client applications and exchanged with 
the management server. 

b. The setup information includes setup information related to the network 
application (column 4, lines 18-26). Note that in the reference, the 
configuration information can determine the communication from the client. 

8. Claim 3 is rejected under 35 U.S.C. 103(a) as being unpatentable over Matchefts et al. 
and Hansen as applied to claim 1 above, and further in view of Crichton et al. and Reid et al. 

9. Regarding claim 3, although the system disclosed by Matchefts et al. and Hansen (as 
applied to claim 1) shows substantial features of the claimed invention, it fails to disclose means 
wherein the interrelated setup information includes tunneling setup information. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Matchefts et al. and Hansen, as evidenced by Crichton et 
al. 

In an analogous art, Crichton et al. disclose a system for the setup of communications 
between machines behind disparate firewalls. The system includes interrelated setup information 
that includes tunneling setup information (column 4, lines 20-34). 

Given the teaching of Crichton et al., a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Matchefts et al. and Hansen by 
employing tunneling setup information in the standard setup information. Firewalls are a 
common network element that must be set up in any configuration operation. Setting them up for 
tunneling allows for greater ease of communication between machines on both sides of the 
firewall. 

10. Claims 4, 7, and 8 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Matchefts et al. and Hansen as applied to claim 1 above, and further in view of Antur et al. and 
Reid et al. 

11. Regarding claim 4, although the system disclosed by Matchefts et al. and Hansen (as 
applied to claim 1) shows substantial features of the claimed invention, it fails to disclose means 
wherein: 

a. The network device is a firewall 

b. The setup information includes setup information related to access control for 
the firewall. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Matchefts et al. and Hansen, as evidenced by Antur et 
al. 

In an analogous art, Antur et al. disclose a system for configuration (setup) wherein: 

a. The network device is a firewall (figure 2; column 6, lines 50-55). 

b. The setup information includes setup information related to access control for 
the firewall (column 6, lines 50-55). 

Given the teaching of Antur et al., a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Matchefts et al. and Hansen by 
employing the use of setup information for firewalls. Firewalls require a large amount of setup 
information and must be commonly administered by a small number of personnel. 


Application/Control Number: 09/314,629 

Art Unit: 2153 

12. Regarding claim 7, Matchefts et al. and Hansen teach all the limitations as applied to 
claim 1. Matchefts et al. further teach means wherein distributed routing means (to firewalls or 
other network devices) include means for setting up the setup information in the network device. 

Although the system disclosed by Matchefts et al. and Hansen (as applied to claim 1) 
shows substantial features of the claimed invention, it fails to disclose: 

a. A firewall is disposed between the management server and a network device. 

b. The management server includes means for distributing routing means for 
routing settings from setup information for the firewall. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Matchefts et al. and Hansen, as evidenced by Antur et 
al. 

In an analogous art, Antur et al. disclose a system for firewall configuration (setup) 
wherein: 

a. A firewall is disposed between the management server and a network device 
(figure 2). Note that the act of configuring the firewall fulfills this 
requirement. The reference also teaches configuration of other security 
devices inside and outside the firewall. 

b. The management server includes means for distributing routing means for 
routing settings from setup information for the firewall (column 5, lines 48-50). 

Given the teaching of Antur et al., a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Matchefts et al. and Hansen by 
including routing information for further setup of network devices on the other side of the 
configured firewall. This allows for a management server at a remote location (possibly a third 
party) to operate outside the firewall and provide configuration without physical access. 

13. Regarding claim 8, Matchefts et al., Hansen, and Antur et al. teach all the limitations as 
applied to claim 7. 

Although the system disclosed by Matchefts et al., Hansen, and Antur et al. (as applied to 
claim 7) shows substantial features of the claimed invention, it fails to disclose means wherein 
the management server and the routing means include means for performing mutual 
authentication and means for encrypting data. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Matchefts et al., Hansen, and Antur et al., as evidenced 
by Reid et al. 

In an analogous art, Reid et al. disclose a system for firewall configuration including 
means wherein the management server and the routing means include means for performing 
mutual authentication and means for encrypting data (column 3, lines 1-7; column 5, lines 
51-57). Note that the purpose of the firewall includes authentication and encryption between clients 
and servers on opposite sides of the firewall. 

Given the teaching of Reid et al., a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Matchefts et al., Hansen, and 
Antur et al. by employing the inclusion of authentication and encryption instructions in the setup 
information to the firewall. These are common functions of a firewall and must be included in 
any setup information. Including them in the automatic setup benefits the system by allowing for 
guaranteed consistency of this security policy. 

Claim Rejections - 35 USC § 102 

14. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) do not apply to the examination of this application as the application being examined 
was not (1) filed on or after November 29, 2000, or (2) voluntarily published under 35 U.S.C. 
122(b). Therefore, this application is examined under 35 U.S.C. 102(e) prior to the amendment 
by the AIPA (pre-AIPA 35 U.S.C. 102(e)). 

15. Claim 9 is rejected under 35 U.S.C. 102(e) as being anticipated by Antur et al. 

Antur et al. teach a unified firewall management system used for a network in which 
firewalls are disposed between administrative units (figure 2) in said network wherein: 

a. A management server is disposed to set up management information for said 
firewalls (column 6, lines 50-51); 

b. Said management server includes a manager program that sets up 
management information to firewalls on the other side of other firewalls 
(column 6, lines 50-55). Note that the reference teaches configuration of 
firewalls and security devices possibly inside the firewall. 

Conclusion 



16. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. Sidey (USPN 5,954,797) and Lewis et al. (USPN 6,243,747) teach systems for 
automatic monitoring and updating of configuration and setup information in a network. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kevin Parton whose telephone number is (703)306-0543. The 
examiner can normally be reached on M-F 8:00AM - 4:30PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Glenton Burgess can be reached on (703)305-4792. The fax phone numbers for the 
organization where this application or proceeding is assigned are (703)746-9242 for regular 
communications and (703)746-7238 for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703)305-3900. 



Kevin Parton 
Examiner 
Art Unit 2153 



ksp 

June 19, 2002 
SUPERVISORY PATENT EXAMINER 